Security

Email is still the front door

Editorial Team March 23, 2025 · 1 min read

Despite years of headlines about Slack and Teams replacing email, email is still where the bulk of attacks land. It is the front door, and the front door deserves a real lock.

The minimum modern email security stack

  1. SPF, DKIM, and DMARC properly configured. All three. With DMARC at quarantine or reject, not just none.
  2. Anti-impersonation protection for executives and finance staff.
  3. External sender warnings on inbound mail.
  4. Attachment sandboxing for office documents and PDFs.
  5. URL rewriting and time-of-click verification. Many phishing links are clean at delivery and weaponized later.

What this catches that defaults miss

Reply-chain hijacks. Vendor compromise. Sophisticated impersonation. Time-delayed payloads. None of these are caught by stock anti-spam.

Tagged Cybersecurity Phishing Microsoft 365 Best Practices
— Keep reading

Related posts.

Security
April 28, 2026 · 1 min read

Why every small business needs a security baseline (and what that actually means)

The phrase "we are too small to be a target" is the most expensive sentence in IT. Here is what a real baseline looks like, in plain language, with the steps you can take this week.

Editorial Team
Security
April 7, 2026 · 1 min read

Phishing that actually works in 2026: what your team should know

The phishing techniques that actually work right now and the five-second checks anyone in your organization can do to spot them.

Alebrije Admin
Security
March 3, 2026 · 1 min read

Microsoft 365 hardening: the seven settings most tenants get wrong

Default Microsoft 365 settings are not a security baseline. Seven specific changes that take an afternoon and meaningfully reduce risk.

Alebrije Admin